From 1ac668667ac74eb7b3fbc107a89499b442dc4599 Mon Sep 17 00:00:00 2001 From: djm Date: Sun, 30 Apr 2017 23:18:44 +0000 Subject: [PATCH] remove KEY_RSA1 ok markus@ --- usr.bin/ssh/clientloop.c | 5 ++- usr.bin/ssh/hostfile.c | 18 ++--------- usr.bin/ssh/ssh-agent.c | 28 ++++++++--------- usr.bin/ssh/ssh-keygen.1 | 9 +++--- usr.bin/ssh/ssh-keygen.c | 27 +++-------------- usr.bin/ssh/ssh-keyscan.1 | 9 ++---- usr.bin/ssh/ssh-keyscan.c | 64 +++++++++++++++++---------------------- usr.bin/ssh/ssh.c | 5 ++- usr.bin/ssh/ssh.h | 4 +-- usr.bin/ssh/sshconnect.c | 3 +- usr.bin/ssh/sshconnect2.c | 7 ++--- usr.bin/ssh/sshd.c | 10 +----- usr.bin/ssh/sshkey.c | 63 +++++--------------------------------- usr.bin/ssh/sshkey.h | 3 +- 14 files changed, 72 insertions(+), 183 deletions(-) diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 91369de3c12..dd268cf40c2 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.292 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.293 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1816,8 +1816,7 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) size_t i; struct sshkey **tmp; - if (l->status != HKF_STATUS_MATCHED || l->key == NULL || - l->key->type == KEY_RSA1) + if (l->status != HKF_STATUS_MATCHED || l->key == NULL) return 0; /* Mark off keys we've already seen for this host */ diff --git a/usr.bin/ssh/hostfile.c b/usr.bin/ssh/hostfile.c index 79f2b77d487..e8c1e3176f0 100644 --- a/usr.bin/ssh/hostfile.c +++ b/usr.bin/ssh/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.69 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.70 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -343,16 +343,11 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys, HostStatus end_return = HOST_NEW; int want_cert = sshkey_is_cert(k); HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; - int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2; if (found != NULL) *found = NULL; for (i = 0; i < hostkeys->num_entries; i++) { - if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1) - continue; - if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1) - continue; if (hostkeys->entries[i].marker != want_marker) continue; if (k == NULL) { @@ -487,13 +482,6 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx) return 0; } - /* XXX might need a knob for this later */ - /* Don't remove RSA1 keys */ - if (l->key->type == KEY_RSA1) { - fprintf(ctx->out, "%s\n", l->line); - return 0; - } - /* * If this line contains one of the keys that we will be * adding later, then don't change it and mark the key for @@ -801,12 +789,12 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, lineinfo.keytype = sshkey_type_from_name(ktype); /* - * Assume RSA1 if the first component is a short + * Assume legacy RSA1 if the first component is a short * decimal number. */ if (lineinfo.keytype == KEY_UNSPEC && l < 8 && strspn(ktype, "0123456789") == l) - lineinfo.keytype = KEY_RSA1; + goto bad; /* * Check that something other than whitespace follows diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index dbfaa507b48..ae94880bac2 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.219 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.220 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -234,6 +234,8 @@ process_request_identities(SocketEntry *e, int version) Identity *id; struct sshbuf *msg; int r; + u_char *blob; + size_t blen; if ((msg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); @@ -243,21 +245,15 @@ process_request_identities(SocketEntry *e, int version) (r = sshbuf_put_u32(msg, tab->nentries)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); TAILQ_FOREACH(id, &tab->idlist, next) { - if (id->key->type == KEY_RSA1) { - } else { - u_char *blob; - size_t blen; - - if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) { - error("%s: sshkey_to_blob: %s", __func__, - ssh_err(r)); - continue; - } - if ((r = sshbuf_put_string(msg, blob, blen)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - free(blob); + if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) { + error("%s: sshkey_to_blob: %s", __func__, + ssh_err(r)); + continue; } + if ((r = sshbuf_put_string(msg, blob, blen)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + free(blob); if ((r = sshbuf_put_cstring(msg, id->comment)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); } @@ -626,7 +622,7 @@ process_add_smartcard_key(SocketEntry *e) count = pkcs11_add_provider(canonical_provider, pin, &keys); for (i = 0; i < count; i++) { k = keys[i]; - version = k->type == KEY_RSA1 ? 1 : 2; + version = 2; tab = idtab_lookup(version); if (lookup_identity(k, version) == NULL) { id = xcalloc(1, sizeof(Identity)); diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1 index a83388a9f11..be1a169f483 100644 --- a/usr.bin/ssh/ssh-keygen.1 +++ b/usr.bin/ssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.135 2017/04/29 06:06:01 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.136 2017/04/30 23:18:44 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 29 2017 $ +.Dd $Mdocdate: April 30 2017 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -207,7 +207,7 @@ There is no way to recover a lost passphrase. If the passphrase is lost or forgotten, a new key must be generated and the corresponding public key copied to other machines. .Pp -For RSA1 keys and keys stored in the newer OpenSSH format, +For keys stored in the newer OpenSSH format, there is also a comment field in the key file that is only for convenience to the user to help identify the key. The comment can tell what the key is for, or whatever is useful. @@ -264,7 +264,7 @@ flag will be ignored. Provides a new comment. .It Fl c Requests changing the comment in the private and public key files. -This operation is only supported for RSA1 keys and keys stored in the +This operation is only supported for keys stored in the newer OpenSSH format. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment. @@ -384,7 +384,6 @@ section. Prints the contents of one or more certificates. .It Fl l Show fingerprint of specified public key file. -Private RSA1 keys are also supported. For RSA and DSA keys .Nm tries to find the matching public key file and prints its fingerprint. diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index f141a703457..d77609c766e 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.301 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.302 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -240,9 +240,6 @@ ask_filename(struct passwd *pw, const char *prompt) name = _PATH_SSH_CLIENT_ID_RSA; else { switch (sshkey_type_from_name(key_type_name)) { - case KEY_RSA1: - name = _PATH_SSH_CLIENT_IDENTITY; - break; case KEY_DSA_CERT: case KEY_DSA: name = _PATH_SSH_CLIENT_ID_DSA; @@ -312,8 +309,6 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) char comment[61]; int r; - if (k->type == KEY_RSA1) - fatal("version 1 keys are not supported"); if ((r = sshkey_to_blob(k, &blob, &len)) != 0) fatal("key_to_blob failed: %s", ssh_err(r)); /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ @@ -335,7 +330,6 @@ static void do_convert_to_pkcs8(struct sshkey *k) { switch (sshkey_type_plain(k->type)) { - case KEY_RSA1: case KEY_RSA: if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) fatal("PEM_write_RSA_PUBKEY failed"); @@ -358,7 +352,6 @@ static void do_convert_to_pem(struct sshkey *k) { switch (sshkey_type_plain(k->type)) { - case KEY_RSA1: case KEY_RSA: if (!PEM_write_RSAPublicKey(stdout, k->rsa)) fatal("PEM_write_RSAPublicKey failed"); @@ -811,13 +804,6 @@ try_read_key(char **cpp) struct sshkey *ret; int r; - if ((ret = sshkey_new(KEY_RSA1)) == NULL) - fatal("sshkey_new failed"); - /* Try RSA1 */ - if ((r = sshkey_read(ret, cpp)) == 0) - return ret; - /* Try modern */ - sshkey_free(ret); if ((ret = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); if ((r = sshkey_read(ret, cpp)) == 0) @@ -1426,9 +1412,8 @@ do_change_comment(struct passwd *pw) } } - if (private->type != KEY_RSA1 && private->type != KEY_ED25519 && - !use_new_format) { - error("Comments are only supported for RSA1 or keys stored in " + if (private->type != KEY_ED25519 && !use_new_format) { + error("Comments are only supported for keys stored in " "the new format (-o)."); explicit_bzero(passphrase, strlen(passphrase)); sshkey_free(private); @@ -2227,13 +2212,11 @@ do_check_krl(struct passwd *pw, int argc, char **argv) } #endif -# define RSA1_USAGE "" - static void usage(void) { fprintf(stderr, - "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n" + "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n" " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" @@ -2241,7 +2224,7 @@ usage(void) " ssh-keygen -y [-f input_keyfile]\n" " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" - " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE); + " ssh-keygen -B [-f input_keyfile]\n"); #ifdef ENABLE_PKCS11 fprintf(stderr, " ssh-keygen -D pkcs11\n"); diff --git a/usr.bin/ssh/ssh-keyscan.1 b/usr.bin/ssh/ssh-keyscan.1 index d29d9d90647..82bcb5d01aa 100644 --- a/usr.bin/ssh/ssh-keyscan.1 +++ b/usr.bin/ssh/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.38 2015/11/08 23:24:03 jmc Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.39 2017/04/30 23:18:44 djm Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: November 8 2015 $ +.Dd $Mdocdate: April 30 2017 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -127,11 +127,6 @@ Input format: 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 .Ed .Pp -Output format for RSA1 keys: -.Bd -literal -host-or-namelist bits exponent modulus -.Ed -.Pp Output format for RSA, DSA, ECDSA, and Ed25519 keys: .Bd -literal host-or-namelist keytype base64-encoded-key diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index ab85caec39b..438f66ba877 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.111 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.112 2017/04/30 23:18:44 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -48,11 +48,13 @@ int IPv4or6 = AF_UNSPEC; int ssh_port = SSH_DEFAULT_PORT; -#define KT_RSA1 1 -#define KT_DSA 2 -#define KT_RSA 4 -#define KT_ECDSA 8 -#define KT_ED25519 16 +#define KT_DSA (1) +#define KT_RSA (1<<1) +#define KT_ECDSA (1<<2) +#define KT_ED25519 (1<<3) + +#define KT_MIN KT_DSA +#define KT_MAX KT_ED25519 int get_cert = 0; int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; @@ -86,7 +88,7 @@ typedef struct Connection { int c_plen; /* Packet length field for ssh packet */ int c_len; /* Total bytes which must be read. */ int c_off; /* Length of data read so far. */ - int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */ + int c_keytype; /* Only one of KT_* */ sig_atomic_t c_done; /* SSH2 done */ char *c_namebase; /* Address to free for c_name and c_namelist */ char *c_name; /* Hostname of connection for errors */ @@ -415,6 +417,20 @@ congreet(int s) size_t bufsiz; con *c = &fdcon[s]; + /* send client banner */ + n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2); + if (n < 0 || (size_t)n >= sizeof(buf)) { + error("snprintf: buffer too small"); + confree(s); + return; + } + if (atomicio(vwrite, s, buf, n) != (size_t)n) { + error("write (%s): %s", c->c_name, strerror(errno)); + confree(s); + return; + } + for (;;) { memset(buf, '\0', sizeof(buf)); bufsiz = sizeof(buf); @@ -457,38 +473,14 @@ congreet(int s) c->c_ssh->compat = compat_datafellows(remote_version); else c->c_ssh->compat = 0; - if (c->c_keytype != KT_RSA1) { - if (!ssh2_capable(remote_major, remote_minor)) { - debug("%s doesn't support ssh2", c->c_name); - confree(s); - return; - } - } else if (remote_major != 1) { - debug("%s doesn't support ssh1", c->c_name); + if (!ssh2_capable(remote_major, remote_minor)) { + debug("%s doesn't support ssh2", c->c_name); confree(s); return; } fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf)); - n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", - c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2, - c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2); - if (n < 0 || (size_t)n >= sizeof(buf)) { - error("snprintf: buffer too small"); - confree(s); - return; - } - if (atomicio(vwrite, s, buf, n) != (size_t)n) { - error("write (%s): %s", c->c_name, strerror(errno)); - confree(s); - return; - } - if (c->c_keytype != KT_RSA1) { - keygrab_ssh2(c); - confree(s); - return; - } - c->c_status = CS_SIZE; - contouch(s); + keygrab_ssh2(c); + confree(s); } static void @@ -586,7 +578,7 @@ do_host(char *host) if (name == NULL) return; - for (j = KT_RSA1; j <= KT_ED25519; j *= 2) { + for (j = KT_MIN; j <= KT_MAX; j *= 2) { if (get_keytypes & j) { while (ncon >= MAXCON) conloop(); diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 059ec406fc1..ee3f8460d3e 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.456 2017/04/30 23:15:04 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.457 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1242,8 +1242,7 @@ main(int ac, char **av) sensitive_data.nkeys = 0; sensitive_data.keys = NULL; sensitive_data.external_keysign = 0; - if (options.rhosts_rsa_authentication || - options.hostbased_authentication) { + if (options.hostbased_authentication) { sensitive_data.nkeys = 9; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h index 8fa124e02c9..021f5c957c2 100644 --- a/usr.bin/ssh/ssh.h +++ b/usr.bin/ssh/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.83 2015/12/11 03:19:09 djm Exp $ */ +/* $OpenBSD: ssh.h,v 1.84 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen @@ -32,7 +32,7 @@ /* * Maximum length of lines in authorized_keys file. - * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with + * Current value permits 16kbit RSA keys and 8kbit DSA keys, with * some room for options and comments. */ #define SSH_MAX_PUBKEY_BYTES 16384 diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 837c7ceef0f..46096ef9172 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.276 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.277 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1341,7 +1341,6 @@ static int show_other_keys(struct hostkeys *hostkeys, Key *key) { int type[] = { - KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 68add476cfc..41af1329848 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.256 2017/04/28 03:24:53 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.257 2017/04/30 23:18:44 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1309,8 +1309,6 @@ pubkey_prepare(Authctxt *authctxt) /* list of keys stored in the filesystem and PKCS#11 */ for (i = 0; i < options.num_identity_files; i++) { key = options.identity_keys[i]; - if (key && key->type == KEY_RSA1) - continue; if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) continue; options.identity_keys[i] = NULL; @@ -1463,7 +1461,7 @@ try_identity(Identity *id) key_type(id->key), id->filename); return (0); } - return (id->key->type != KEY_RSA1); + return 1; } int @@ -1756,7 +1754,6 @@ userauth_hostbased(Authctxt *authctxt) private = NULL; for (i = 0; i < authctxt->sensitive->nkeys; i++) { if (authctxt->sensitive->keys[i] == NULL || - authctxt->sensitive->keys[i]->type == KEY_RSA1 || authctxt->sensitive->keys[i]->type == KEY_UNSPEC) continue; if (match_pattern_list( diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index fcde14dee4c..e943cb256d9 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.486 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.487 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1550,14 +1550,6 @@ main(int ac, char **av) key = key_load_private(options.host_key_files[i], "", NULL); pubkey = key_load_public(options.host_key_files[i], NULL); - if ((pubkey != NULL && pubkey->type == KEY_RSA1) || - (key != NULL && key->type == KEY_RSA1)) { - verbose("Ignoring RSA1 key %s", - options.host_key_files[i]); - key_free(key); - key_free(pubkey); - continue; - } if (pubkey == NULL && key != NULL) pubkey = key_demote(key); sensitive_data.host_keys[i] = key; diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c index ac35bdd4ad7..c9f149cd765 100644 --- a/usr.bin/ssh/sshkey.c +++ b/usr.bin/ssh/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.47 2017/04/30 23:15:04 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.48 2017/04/30 23:18:44 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -223,10 +223,6 @@ sshkey_names_valid2(const char *names, int allow_wildcard) for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { type = sshkey_type_from_name(p); - if (type == KEY_RSA1) { - free(s); - return 0; - } if (type == KEY_UNSPEC) { if (allow_wildcard) { /* @@ -235,8 +231,6 @@ sshkey_names_valid2(const char *names, int allow_wildcard) * the component is accepted. */ for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type == KEY_RSA1) - continue; if (match_pattern_list(kt->name, p, 0) != 0) break; @@ -257,7 +251,6 @@ sshkey_size(const struct sshkey *k) { switch (k->type) { #ifdef WITH_OPENSSL - case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: return BN_num_bits(k->rsa->n); @@ -452,7 +445,6 @@ sshkey_new(int type) k->ed25519_pk = NULL; switch (k->type) { #ifdef WITH_OPENSSL - case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: if ((rsa = RSA_new()) == NULL || @@ -510,7 +502,6 @@ sshkey_add_private(struct sshkey *k) { switch (k->type) { #ifdef WITH_OPENSSL - case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) @@ -566,7 +557,6 @@ sshkey_free(struct sshkey *k) return; switch (k->type) { #ifdef WITH_OPENSSL - case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: if (k->rsa != NULL) @@ -642,7 +632,6 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) switch (a->type) { #ifdef WITH_OPENSSL - case KEY_RSA1: case KEY_RSA_CERT: case KEY_RSA: return a->rsa != NULL && b->rsa != NULL && @@ -855,25 +844,7 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, r = SSH_ERR_INVALID_ARGUMENT; goto out; } - - if (k->type == KEY_RSA1) { -#ifdef WITH_OPENSSL - int nlen = BN_num_bytes(k->rsa->n); - int elen = BN_num_bytes(k->rsa->e); - - if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - blob_len = nlen + elen; - if ((blob = malloc(blob_len)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - BN_bn2bin(k->rsa->n, blob); - BN_bn2bin(k->rsa->e, blob + nlen); -#endif /* WITH_OPENSSL */ - } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) + if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) goto out; if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -1182,8 +1153,6 @@ sshkey_read(struct sshkey *ret, char **cpp) cp = *cpp; switch (ret->type) { - case KEY_RSA1: - break; case KEY_UNSPEC: case KEY_RSA: case KEY_DSA: @@ -1334,31 +1303,17 @@ sshkey_to_base64(const struct sshkey *key, char **b64p) return r; } -static int -sshkey_format_rsa1(const struct sshkey *key, struct sshbuf *b) -{ - int r = SSH_ERR_INTERNAL_ERROR; - - return r; -} - static int sshkey_format_text(const struct sshkey *key, struct sshbuf *b) { int r = SSH_ERR_INTERNAL_ERROR; char *uu = NULL; - if (key->type == KEY_RSA1) { - if ((r = sshkey_format_rsa1(key, b)) != 0) - goto out; - } else { - /* Unsupported key types handled in sshkey_to_base64() */ - if ((r = sshkey_to_base64(key, &uu)) != 0) - goto out; - if ((r = sshbuf_putf(b, "%s %s", - sshkey_ssh_name(key), uu)) != 0) - goto out; - } + if ((r = sshkey_to_base64(key, &uu)) != 0) + goto out; + if ((r = sshbuf_putf(b, "%s %s", + sshkey_ssh_name(key), uu)) != 0) + goto out; r = 0; out: free(uu); @@ -1568,7 +1523,6 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) &k->ecdsa); break; case KEY_RSA: - case KEY_RSA1: ret = rsa_generate_private_key(bits, &k->rsa); break; #endif /* WITH_OPENSSL */ @@ -1677,7 +1631,6 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) } break; case KEY_RSA: - case KEY_RSA1: case KEY_RSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -2141,7 +2094,6 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp) if ((ret = sshkey_cert_copy(k, pk)) != 0) goto fail; /* FALLTHROUGH */ - case KEY_RSA1: case KEY_RSA: if ((pk->rsa = RSA_new()) == NULL || (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || @@ -2692,7 +2644,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) switch (k->type) { case KEY_RSA: case KEY_RSA_CERT: - case KEY_RSA1: if (RSA_blinding_on(k->rsa, NULL) != 1) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; diff --git a/usr.bin/ssh/sshkey.h b/usr.bin/ssh/sshkey.h index b46e7221bda..4cd268fd7ac 100644 --- a/usr.bin/ssh/sshkey.h +++ b/usr.bin/ssh/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.16 2017/04/30 23:18:44 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -47,7 +47,6 @@ struct sshbuf; /* Key types */ enum sshkey_types { - KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, -- 2.20.1